rails.git - Mirror of official rails repo with custom fixes.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Use frozen string literal in actionpack/	Kir Shatrov	2017-07-29	1	-0/+2
\|
*	Revert "Merge pull request #29540 from kirs/rubocop-frozen-string"	Matthew Draper	2017-07-02	1	-1/+0
\| \| \| \| \|	This reverts commit 3420a14590c0e6915d8b6c242887f74adb4120f9, reversing changes made to afb66a5a598ce4ac74ad84b125a5abf046dcf5aa.
*	Enforce frozen string in Rubocop	Kir Shatrov	2017-07-01	1	-0/+1
\|
*	Add more rubocop rules about whitespaces	Rafael Mendonça França	2016-10-29	1	-2/+2
\|
*	Add three new rubocop rules	Rafael Mendonça França	2016-08-16	1	-29/+29
\| \| \| \| \| \| \| \|	Style/SpaceBeforeBlockBraces Style/SpaceInsideBlockBraces Style/SpaceInsideHashLiteralBraces Fix all violations in the repository.
*	modernizes hash syntax in actionpack	Xavier Noria	2016-08-06	1	-2/+2
\|
*	applies new string literal convention in actionpack/test	Xavier Noria	2016-08-06	1	-16/+16
\| \| \| \| \|	The current code base is not uniform. After some discussion, we have chosen to go with double quotes by default.
*	Deprecate :controller and :action path parameters	Andrew White	2016-03-01	1	-2/+6
\| \| \| \| \| \| \| \|	Allowing :controller and :action values to be specified via the path in config/routes.rb has been an underlying cause of a number of issues in Rails that have resulted in security releases. In light of this it's better that controllers and actions are explicitly whitelisted rather than trying to blacklist or sanitize 'bad' values.
*	Consistent usage of spaces in hashes across our codebase	Rafael Mendonça França	2015-01-29	1	-1/+1
\|
*	Switch to kwargs in ActionController::TestCase and ActionDispatch::Integration	Kir Shatrov	2015-01-29	1	-3/+2
\| \| \| \| \| \| \| \|	Non-kwargs requests are deprecated now. Guides are updated as well. `post url, nil, nil, { a: 'b' }` doesn't make sense. `post url, params: { y: x }, session: { a: 'b' }` would be an explicit way to do the same
*	Don't convert empty arrays to nils when deep munging params	Chris Sinjakli	2014-12-15	1	-2/+2
\|
*	Avoid hardcoded value in test setup/teardown.	Zuhao Wan	2014-06-05	1	-1/+2
\|
*	Add configuration option to optionally disable deep_munge	Bernard Potocki	2013-12-05	1	-0/+15
\|
*	Deep Munge the parameters for GET and POST	Michael Koziarski	2013-12-02	1	-0/+15
\| \| \| \| \| \| \| \|	The previous implementation of this functionality could be accidentally subverted by instantiating a raw Rack::Request before the first Rails::Request was constructed. Fixes CVE-2013-6417
*	Remove :yaml related tests and fix other related to parsing empty arrays	Carlos Antonio da Silva	2013-01-08	1	-2/+2
\| \| \| \|	All Action Pack tests are green.
*	Fix build	Santiago Pastorino	2012-06-13	1	-2/+2
\|
*	Array parameters should not contain nil values.	Aaron Patterson	2012-06-12	1	-0/+4
\|
*	Strip [nil] from parameters hash.	Aaron Patterson	2012-05-30	1	-1/+6
\| \| \| \| \| \|	Thanks to Ben Murphy for reporting this! CVE-2012-2660
*	Raise ActionController::BadRequest for malformed parameter hashes.	Andrew White	2012-05-20	1	-0/+11
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Currently Rack raises a TypeError when it encounters a malformed or ambiguous hash like `foo[]=bar&foo[4]=bar`. Rather than pass this through to the application this commit captures the exception and re-raises it using a new ActionController::BadRequest exception. The new ActionController::BadRequest exception returns a 400 error instead of the 500 error that would've been returned by the original TypeError. This allows exception notification libraries to ignore these errors if so desired. Closes #3051
*	Remove default match without specified method	Jose and Yehuda	2012-04-24	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	In the current router DSL, using the +match+ DSL method will match all verbs for the path to the specified endpoint. In the vast majority of cases, people are currently using +match+ when they actually mean +get+. This introduces security implications. This commit disallows calling +match+ without an HTTP verb constraint by default. To explicitly match all verbs, this commit also adds a :via => :all option to +match+. Closes #5964
*	Remove deprecated stuff in ActionController	Carlos Antonio da Silva	2010-09-26	1	-1/+1
\| \| \| \| \| \|	This removes all deprecated classes in ActionController related to Routing, Abstract Request/Response and Integration/IntegrationTest. All tests and docs were changed to ActionDispatch instead of ActionController.
*	Removed deprecated RouteSet API, still many tests fail	Piotr Sarnacki	2010-09-05	1	-1/+1
\|
*	Ruby 1.9: resolve constant lookup issues	Jeremy Kemper	2009-11-04	1	-2/+2
\|
*	Start rewriting some internal tests to use the new routing dsl	Joshua Peek	2009-10-20	1	-1/+1
\|
*	Add custom "with_routing" to internal tests to fix reseting session after using	Joshua Peek	2009-10-03	1	-1/+0
\| \| \| \|	with_routing. This only affects our internal AP tests.
*	Reset session in integration tests after changing routes to reload the ↵	Joshua Peek	2009-08-27	1	-0/+1
\| \| \| \|	middleware stack
*	Move dispatch related tests into test/dispatch	Joshua Peek	2009-01-28	1	-0/+120